pclivesupport.net aggressive metoder

Altså -> https://www.pclivesupport.net/ ?

Har du købt/bestilt noget?

De ringede mig op tirsdag aften, uden jeg tidligere har haft kontakt til dem, hverken via internettet eller andet, og sagde at der var problemer på windowscomputere, som ville ødelægge dem, om han måtte tjekke min. jeg spurgte om det kostede noget og han sagde nej ikke før vi havde fundet ud af om der var nogle problemer på min. Det hele foregik på engelsk, da det jo er et udenlandsk firma fra gud ved hvor.
Der var det så jeg begik dumheden at lade ham koble sig på min computer. Efter han havde kontrollen over mit skrivebord og havde startet scanningen, spurgte han så hvilken pakke jeg ville købe. Jeg sagde at jeg ikke ville købe noget, men fik at vide at det nu var for sent og at min computer ville gå helt død, hvis ikke jeg købte deres service, og at det var mit eget ansvar at det skete. Så efter en lang diskussion med ham, følte jeg mig tvunget til at købe den billigst mulige løsning på service og vedligehold på et år til pensionistpris af 150§.
.........
Følgeton kommer senere, da jeg skal på arbejde nu!!!

Lad være med at betale, så tager vi den derfra.

For lige at tjekke om der er noget, der ikke skal være der.

Hent Combofix, og gem den i en mappe:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:

Killall::
Snapshot::

klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.
Får du noget der ligner denne fejl.
Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning
Så genstart, en gang mere, det burde løse det.

ComboFix 11-06-22.05 - Anne Lise 23-06-2011  17:35:10.7.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.1978.964 [GMT 2:00]
Kører fra: c:\users\Anne Lise\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Anne Lise\Desktop\Ny mappe\CFScript.odt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Andet, der er slettet  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0406.exe
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-05-23 til 2011-06-23  )))))))))))))))))))))))))))))))))))
.
.
2011-06-23 16:03 . 2011-06-23 16:03    --------    d-----w-    c:\users\Public\AppData\Local\temp
2011-06-23 16:03 . 2011-06-23 16:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-06-23 15:12 . 2011-06-23 15:25    --------    d-----w-    C:\32788R22FWJFW
2011-06-21 17:36 . 2011-06-21 17:36    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2011-06-21 16:15 . 2011-06-21 16:15    --------    d-----w-    c:\program files\IObit
2011-06-21 16:13 . 2011-06-07 15:55    7074640    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A31CE778-CDA7-4293-8C83-5A8D9D82FFB1}\mpengine.dll
2011-06-16 09:52 . 2011-04-30 06:09    758784    ----a-w-    c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-16 09:52 . 2011-04-29 13:24    214016    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 09:52 . 2011-04-29 13:24    79872    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 09:52 . 2011-04-29 13:24    106496    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 09:52 . 2011-05-02 12:02    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-04 15:39    222080    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d2f11d8b-3eb5-4b42-9511-370dbec707fb}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58    3913000    ----a-w-    c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-04 15:08    3911776    ----a-w-    c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
2010-11-13 20:58    3913000    ----a-w-    c:\program files\Oryte_Games_1.15\tbOryt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d2f11d8b-3eb5-4b42-9511-370dbec707fb}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D2F11D8B-3EB5-4B42-9511-370DBEC707FB}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04    122512    ----a-w-    c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0BB]
@="{BC7D00C5-9CDE-4F36-99EA-F759F01A9F87}"
[HKEY_CLASSES_ROOT\CLSID\{BC7D00C5-9CDE-4F36-99EA-F759F01A9F87}]
2010-02-01 15:28    129536    ----a-w-    c:\program files\BuddyBackup\BBShellPlugin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1BB]
@="{A325B20C-FE16-4F1D-9385-DA3D2F4C4D1A}"
[HKEY_CLASSES_ROOT\CLSID\{A325B20C-FE16-4F1D-9385-DA3D2F4C4D1A}]
2010-02-01 15:28    129536    ----a-w-    c:\program files\BuddyBackup\BBShellPlugin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2BB]
@="{44A21A60-4225-4E0F-A189-98AED6F43B05}"
[HKEY_CLASSES_ROOT\CLSID\{44A21A60-4225-4E0F-A189-98AED6F43B05}]
2010-02-01 15:28    129536    ----a-w-    c:\program files\BuddyBackup\BBShellPlugin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-11 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-31 399736]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2011-01-13 156672]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Anne Lise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BuddyBackup.lnk - c:\program files\BuddyBackup\BuddyBackup.exe [2011-2-7 8828224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16    39792    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-30 16:00    77824    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-11-25 13:42    292824    ----a-w-    c:\program files\Registry Mechanic\RMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-11 07:39    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-03-28 208896]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-09 632792]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
S3 SPCP825K;Sunplus Serial port driver;c:\windows\system32\DRIVERS\SPCP825K.sys [2010-10-08 33352]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:25]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:25]
.
2011-05-18 c:\windows\Tasks\HPCeeScheduleForAnne Lise.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-03 22:14]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Presario&pf=cnnb
IE: &AOL Toolbar-søgning - c:\programdata\AOL\ieToolbar\resources\da-DK\local\search.html
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 193.162.153.164 192.168.0.1
.
- - - - TOMME GENVEJE FJERNET - - - -
.
AddRemove-My Little Pony - c:\windows\IsUn0406.exe
AddRemove-Peter Plys Skolestart - c:\windows\IsUn0406.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 18:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2011-06-23  18:16:53
ComboFix-quarantined-files.txt  2011-06-23 16:16
ComboFix2.txt  2011-01-06 17:11
ComboFix3.txt  2011-01-03 20:29
ComboFix4.txt  2010-10-26 22:15
ComboFix5.txt  2011-06-23 15:11
.
Pre-Kørsel: 125.072.252.928 byte ledig
Post-Kørsel: 124.674.007.040 byte ledig
.
Current=1 Default=1 Failed=0 LastKnownGood=53 Sets=1,2,3,4,5,6,7,8,9,53
- - End Of File - - 4B5260F9FE02D564E4461E64674D0500

Blev tvunget til at betale via AmazonPayments med det samme, inden vi kunne fortsætte. Var dog i banken den efterfølgende dag for at de kunne gøre indsigelse mod at de hæver beløbet!

Jeg fik også besked på at vidresende kvitteringsmailen fra AmazonPayments til firmaet hvorpå jeg skulle skrive: I have authorized this transaction and accepted the services, hvilket jeg så ikke har gjort.

Så snart jeg havde udfyldt formularen til betalingsfirmaet, gik arbejdet igang med at scanne min computer og foretage forsk. ting. Undervejs er der en dialogboks åben, hvor der står at de har kontrollen over mit skrivebord. Fik at vide at det ville tage omkring en times tid, men der gik omkring 7 timer, hvor discdefragmenteringen stod og kørte de 6 timer til kl. 02.30 om natten, derefter gav de ligesom op med det program. Derefter stod der pludselig ikke længere i dialogboksen at de havde kontrollen og jeg skyndte mig at lukke den ned og stoppe programmet og slukke min computer. Dagen efter forsøgte de at ringe mig op igen, men jeg tog ikke telefonen. Efter et par opringninger tog min mand telefonen og sagde: "You must be crazy", lagde røret på og siden har de ikke ringet.
Her i eftermiddag har jeg så fået en velkomstmail, hvori der står at jeg skal bekræfte det bestilte, samt at de yder en 30 dages pengene tilbage-garanti, hvis der er noget jeg ikke er tilfreds med. Det tror jeg nok lige der er!!! Men hvorfor så tvinge mig til at starte med????
Nå men det korte af det lange er at der p.t. ikke er trukket penge på min konto, så lad os håbe at de opgiver!!!

Du må få din bank forklaret, at du under ingen omstændigheder vil betale noget til de svindlere.
Derudover bør du anmelde dem, det kommer der sikkert ikke meget ud af, men det er forsøget værd.
https://www.cert.dk/vejled/anmeld.shtml
Du må gerne skrive at du er ved at få tjekket maskinen på Eksperten.

Drop fildeling >> http://www.spywarefri.dk/artikel/farerne-ved-fildeling/
http://spywarefri.dk/forum/topic.asp?TOPIC_ID=40284


Åbn mappen med Combofix, højreklik et tomt sted i mappen, vælg Ny->tekstdokument, åbn tekstdokumentet, kopier følgende ind:

Killall::
Snapshot::
Folder::
c:\program files\ConduitEngine
c:\program files\uTorrentBar\tbuTo1.dll
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=-
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[-HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-

klik på Filer->Gem som, navngiv den CFScript, luk tekstdokumentet.

Tag så fat i den nye fil med musen, og før den hen over Combofix-filen, hvorefter du "giver slip" med musen.
http://www.fromsej.saknet.dk/billeder/swfcombo.gif
Så skulle Combofix gerne give sig til at arbejde. Muligvis vil den kræve en genstart, hvilket du skal tillade. Du bør ikke klikke på vinduet imens værktøjet kører, idet det kan få din computer til at fryse.
Kopier den fremkomne log herind.
Får du noget der ligner denne fejl.
Der blev forsøgt en ugyldig handling på en registreringsdatabasenøgle, som er blevet mærket til sletning
Så genstart, en gang mere, det burde løse det.

ComboFix 11-06-23.01 - Anne Lise 23-06-2011  22:53:58.8.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.1978.915 [GMT 2:00]
Kører fra: c:\users\Anne Lise\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Anne Lise\Desktop\Ny mappe\CFScript.odt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-05-23 til 2011-06-23  )))))))))))))))))))))))))))))))))))
.
.
2011-06-23 21:19 . 2011-06-23 21:19    --------    d-----w-    c:\users\Public\AppData\Local\temp
2011-06-23 21:19 . 2011-06-23 21:19    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-06-23 15:12 . 2011-06-23 20:46    --------    d-----w-    C:\32788R22FWJFW
2011-06-21 17:36 . 2011-06-21 17:36    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2011-06-21 16:15 . 2011-06-21 16:15    --------    d-----w-    c:\program files\IObit
2011-06-21 16:13 . 2011-06-07 15:55    7074640    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A31CE778-CDA7-4293-8C83-5A8D9D82FFB1}\mpengine.dll
2011-06-16 09:52 . 2011-04-30 06:09    758784    ----a-w-    c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-16 09:52 . 2011-04-29 13:24    214016    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 09:52 . 2011-04-29 13:24    79872    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 09:52 . 2011-04-29 13:24    106496    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 09:52 . 2011-05-02 12:02    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-04 15:39    222080    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d2f11d8b-3eb5-4b42-9511-370dbec707fb}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58    3913000    ----a-w-    c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-04 15:08    3911776    ----a-w-    c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
2010-11-13 20:58    3913000    ----a-w-    c:\program files\Oryte_Games_1.15\tbOryt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d2f11d8b-3eb5-4b42-9511-370dbec707fb}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D2F11D8B-3EB5-4B42-9511-370DBEC707FB}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04    122512    ----a-w-    c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0BB]
@="{BC7D00C5-9CDE-4F36-99EA-F759F01A9F87}"
[HKEY_CLASSES_ROOT\CLSID\{BC7D00C5-9CDE-4F36-99EA-F759F01A9F87}]
2010-02-01 15:28    129536    ----a-w-    c:\program files\BuddyBackup\BBShellPlugin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1BB]
@="{A325B20C-FE16-4F1D-9385-DA3D2F4C4D1A}"
[HKEY_CLASSES_ROOT\CLSID\{A325B20C-FE16-4F1D-9385-DA3D2F4C4D1A}]
2010-02-01 15:28    129536    ----a-w-    c:\program files\BuddyBackup\BBShellPlugin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2BB]
@="{44A21A60-4225-4E0F-A189-98AED6F43B05}"
[HKEY_CLASSES_ROOT\CLSID\{44A21A60-4225-4E0F-A189-98AED6F43B05}]
2010-02-01 15:28    129536    ----a-w-    c:\program files\BuddyBackup\BBShellPlugin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-11 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-31 399736]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2011-01-13 156672]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Anne Lise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BuddyBackup.lnk - c:\program files\BuddyBackup\BuddyBackup.exe [2011-2-7 8828224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16    39792    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-30 16:00    77824    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-11-25 13:42    292824    ----a-w-    c:\program files\Registry Mechanic\RMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-11 07:39    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-03-28 208896]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-09 632792]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
S3 SPCP825K;Sunplus Serial port driver;c:\windows\system32\DRIVERS\SPCP825K.sys [2010-10-08 33352]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:25]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:25]
.
2011-05-18 c:\windows\Tasks\HPCeeScheduleForAnne Lise.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-03 22:14]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Presario&pf=cnnb
IE: &AOL Toolbar-søgning - c:\programdata\AOL\ieToolbar\resources\da-DK\local\search.html
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 193.162.153.164 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 23:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2011-06-23  23:26:44
ComboFix-quarantined-files.txt  2011-06-23 21:26
ComboFix2.txt  2011-06-23 16:17
ComboFix3.txt  2011-01-06 17:11
ComboFix4.txt  2011-01-03 20:29
ComboFix5.txt  2011-06-23 20:46
.
Pre-Kørsel: 124.835.274.752 byte ledig
Post-Kørsel: 125.054.861.312 byte ledig
.
Current=1 Default=1 Failed=0 LastKnownGood=53 Sets=1,2,3,4,5,6,7,8,9,53
- - End Of File - - 04BB58A188951F8ACF6FC18F431DFFF1

Kunne du ikke få CFScript til at virke?

Prøv en gang til, denne gang i fejlsikret.
http://www.eksperten.dk/spm/941631#reply_7798468

Jo det troede jeg da!

Jeg prøver en gang til!

Det volder mig lidt problemer nu. Har kopieret loggen, men var nødt til at genstarte grundet den fejlsikret tilstand, ja og så kunne jeg ikke længere indsætte.

Skal nu på arbejde og er ikke hjemme mere i dag, så jeg arbejder viddere på det i morgen!

Jeg er her ikke før søndag, har studentergilde i aften og i morgen.
(Yngste datter)

Så er den kørt i fejlsikret tilstand, håber du kan få noget ud af dette!




ComboFix 11-06-23.01 - Anne Lise 26-06-2011  10:04:42.9.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.45.1030.18.1978.1512 [GMT 2:00]
Kører fra: c:\users\Anne Lise\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Anne Lise\Desktop\Ny mappe\CFScript.odt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Dannede nyt systemgendannelsespunkt
.
.
(((((((((((((((((((((((((((((  Filer skabt fra 2011-05-26 til 2011-06-26  )))))))))))))))))))))))))))))))))))
.
.
2011-06-26 08:12 . 2011-06-26 08:12    --------    d-----w-    c:\users\Anne Lise\AppData\Local\temp
2011-06-26 08:12 . 2011-06-26 08:12    --------    d-----w-    c:\users\Public\AppData\Local\temp
2011-06-26 08:12 . 2011-06-26 08:12    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-06-24 07:13 . 2011-06-07 15:55    7074640    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{70CD4E89-EC80-46AE-B128-E103624A99D9}\mpengine.dll
2011-06-21 17:36 . 2011-06-21 17:36    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2011-06-21 16:15 . 2011-06-21 16:15    --------    d-----w-    c:\program files\IObit
2011-06-16 09:52 . 2011-04-30 06:09    758784    ----a-w-    c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-16 09:52 . 2011-04-29 13:24    214016    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 09:52 . 2011-04-29 13:24    79872    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 09:52 . 2011-04-29 13:24    106496    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 09:52 . 2011-05-02 12:02    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-04 15:39    222080    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((  Start steder i reg.basen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d2f11d8b-3eb5-4b42-9511-370dbec707fb}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58    3913000    ----a-w-    c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-04 15:08    3911776    ----a-w-    c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
2010-11-13 20:58    3913000    ----a-w-    c:\program files\Oryte_Games_1.15\tbOryt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d2f11d8b-3eb5-4b42-9511-370dbec707fb}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D2F11D8B-3EB5-4B42-9511-370DBEC707FB}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04    122512    ----a-w-    c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-11 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2011-01-13 156672]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Anne Lise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16    39792    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-30 16:00    77824    ----a-w-    c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-11-25 13:42    292824    ----a-w-    c:\program files\Registry Mechanic\RMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-11 07:39    39408    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-03-28 208896]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-09 632792]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
R3 SPCP825K;Sunplus Serial port driver;c:\windows\system32\DRIVERS\SPCP825K.sys [2010-10-08 33352]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
.
.
--- Andre Services/Drivers i Hukommelsen ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ      FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:25]
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:25]
.
2011-05-18 c:\windows\Tasks\HPCeeScheduleForAnne Lise.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-03 22:14]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Presario&pf=cnnb
IE: &AOL Toolbar-søgning - c:\programdata\AOL\ieToolbar\resources\da-DK\local\search.html
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 193.162.153.164 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-26 10:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ... 
.
scanner skjulte autostarter ...
.
scanner skjulte filer ... 
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2011-06-26  10:16:10
ComboFix-quarantined-files.txt  2011-06-26 08:16
ComboFix2.txt  2011-06-24 08:53
ComboFix3.txt  2011-06-23 21:26
ComboFix4.txt  2011-06-23 16:17
ComboFix5.txt  2011-06-26 08:02
.
Pre-Kørsel: 160.246.595.584 byte ledig
Post-Kørsel: 160.167.387.136 byte ledig
.
- - End Of File - - 8A6B2DBF78EE38ADEBFAE9A430C7028A

Undskyld forsinkelsen.
Det vil ikke som vi vil, så må vi prøve noget andet.

Hent Avenger 2 her:
http://swandog46.geekstogo.com/avenger2/avenger.zip

...og pak programmet ud.

Dobbeltklik på avenger.exe - nu dukker der et lille vindue op, hvor du skal kopiere HELE indholdet med fed skrift ind:

--------------------------------------------------------------

Folders to delete:
c:\program files\ConduitEngine
c:\program files\uTorrentBar\tbuTo1.dll

Registry values to delete:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | uTorrent

Registry keys to delete:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{30F9B915-B755-4826-820B-08FBA6BD249D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\{30F9B915-B755-4826-820B-08FBA6BD249D}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}
HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

-----------------------------------------

Klik på knappen Execute. Følg vejledningen og svar ja på spørgsmålene - programmet vil opfordre dig til at genstarte computeren, hvilket du skal gøre. Programmet vil lukke din computer, slette filerne og starte computeren igen.

Efter genstarten vil der dukke et notepad-vindue op, med en log for Avengers handlinger. Den skal du kopiere herind i forum i dit næste svar. Log'en kan også findes her: C:\avenger.txt.

Jeg er ikke hjemme før onsdag eftermiddag  så der vil jeg prøve det. Mvh Anne Lise.

//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows NT 6.0 (build 6002, Service Pack 2)
Wed Jun 29 16:37:25 2011

16:36:29: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uTorrent"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.  (Registry value deletion mode) 
16:36:42: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.  (Registry key deletion mode) 
16:36:54: Error: Invalid registry syntax in command:
"HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.  (Registry key deletion mode) 
16:36:58: Error: Invalid registry syntax in command:
"HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.  (Registry key deletion mode) 
16:37:01: Error: Invalid registry syntax in command:
"HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.  (Registry key deletion mode) 
16:37:04: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\{30F9B915-B755-4826-820B-08FBA6BD249D}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.  (Registry key deletion mode) 
16:37:09: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.  (Registry key deletion mode) 
16:37:12: Error: Invalid registry syntax in command:
"HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.  (Registry key deletion mode) 
16:37:14: Error: Invalid registry syntax in command:
"HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.  (Registry key deletion mode) 


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\program files\ConduitEngine" deleted successfully.

Error: "c:\program files\uTorrentBar\tbuTo1.dll" is not a folder!  It may instead be a file.
Deletion of folder "c:\program files\uTorrentBar\tbuTo1.dll" failed!
Status: 0xc0000103 (STATUS_NOT_A_DIRECTORY)
  --> use "Files to delete:" instead of "Folders to delete:" to delete an ordinary file


Error:  registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{30F9B915-B755-4826-820B-08FBA6BD249D}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{30F9B915-B755-4826-820B-08FBA6BD249D}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.

Er du der?

Ja, jeg har ventet i flere dage på en mail, den kom så ikke.
Det er ikke første gang Eksperten har kikset på det område.

Har du hørt mere fra det fupfirma?

Ja, de har ringet en del gange. I går trak de så pengene fra min konto. Jeg skrev en mail til dem i går at jeg ville have mine penge tilbage. I dag fik jeg så en mail tilbage at de ville refundere mine penge om en 6-7 arbejdsdage. Var også i banken i går for at underskrive en blanket til det der tidligere hed PBS, som vil gøre indsigelse mod hævningen og refundere mine penge, så der er håb forude.
Fik også spærret min konto, så der ikke kan hæves yderligere!
Jeg har ædret diverse adgangskoder, og så er vi jo sammen ved at gøre kål på resten!!!

Har du anmeldt dem?

Lad os lige prøve en scanner mere.
Hent Malwarebytes Anti-Malware herfra:
http://www.besttechie.net/tools/mbam-setup.exe


Installer programmet - når det er gjort skal du lade programmet opdatere sig. Herefter åbner et vindue, hvor du skal flytte prikken til "Kør et fuldstændigt systemscan" - klik på Skan Knappen - lad programmet arbejde. Når det er færdig (det tager lidt tid afhængig af hvor meget du har på computeren).

Derefter - Tryk på "Vis resultater" knappen efter scanningen - og herefter tryk på "Fjern det valgte" - nu åbnes log'en og du skal gemme den et sted, hvor du kan finde den igen.

Kopier indholdet herind og fortæl hvordan computeren kører nu ?

Er ikke helt klar over hvilket jeg skal vælge, synes der er lidt forskellige!

...synes der er lidt forskellige... - hvad mener du her ?

Her er et direkte link.
http://majorgeeks.com/downloadget.php?id=5756&file=15&evp=693ee0b20204960edfd909666f809b26

Så lykkedes det mig at få gennemført det også!


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7003

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

02-07-2011 13:24:27
mbam-log-2011-07-02 (13-24-27).txt

Skanningstype: Fuldstændig skanning (C:\|)
Objekter skannet: 402338
Tid gået: 1 time(e), 36 minut(ter), 11 sekund(er)

Hukommelses Processorer Inficeret: 0
Hukommelses Moduler Inficeret: 0
Registreringsdatabasenøgler Inficeret: 0
Registreringsdatabaseværdier Inficeret: 0
Registreringsdatabasedata Objekter Inficeret: 0
Inficerede Mapper: 0
Inficerede Filer: 1

Hukommelses Processorer Inficeret:
(Ingen skadelige objekter blev fundet)

Hukommelses Moduler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasenøgler Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabaseværdier Inficeret:
(Ingen skadelige objekter blev fundet)

Registreringsdatabasedata Objekter Inficeret:
(Ingen skadelige objekter blev fundet)

Inficerede Mapper:
(Ingen skadelige objekter blev fundet)

Inficerede Filer:
c:\Qoobox\quarantine\C\Users\Public\riverbelle.exe.vir (PUP.Casino.Gen) -> Not selected for removal.

Der burde ikke være mere at komme efter.
Oplever du nogen form for problemer?

Det hele kører fint nu!

Tusind tak for hjælpen. Det var langt mere end forventet!

Så svar du bare og få dine (få) point!

Velbekomme. :)

Jeg har også lige talt med en.meget ved holdende.efter lang tid og en rundtur(han guidede over telefon) på pc´en ,fandt han nogle error"som var meget farlige og kun" kostede 325 eru.Har beskyttet pc med div progammer og er tryk ved dem.men blev dog lidt forskrækket

Køb et tryklufthorn, ringer de så igen, så knald det af lige ind i telefonen, forhåbentlig giver det fjolset en varig høreskade.